package com.story.web.filters;

import java.io.IOException;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import com.story.web.utils.JsonUtils;
import com.story.web.utils.WebUtils;

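/**
 * Shiro authorization filter that requires an authenticated subject and, when
 * roles are configured for the matched path, requires the subject to hold them.
 *
 * <p>Unauthenticated AJAX requests get a {@code sessionStatus: 401} response
 * header and the chain stops. Other unauthenticated requests are saved and
 * redirected to the login page.
 *
 * <p>NOTE(review): previously {@code isAccessAllowed} was an auto-generated stub
 * that always returned {@code false}, and {@code onAccessDenied} let every
 * authenticated subject through, so the roles configured for a path were never
 * evaluated. Roles are now enforced with "all listed roles required" semantics.
 * Confirm this against the filter-chain configuration if "any of" was intended.
 */
public class RoleAuthorizationFilter extends AuthorizationFilter {

	/**
	 * Handles a request that {@link #isAccessAllowed} rejected.
	 *
	 * @param request  the incoming request
	 * @param response the outgoing response
	 * @return always {@code false} on the branches handled here; authenticated
	 *         subjects get whatever the superclass handler returns
	 * @throws IOException if writing the response or redirecting fails
	 */
	@Override
	protected boolean onAccessDenied(ServletRequest request,
			ServletResponse response) throws IOException {
		Subject subject = getSubject(request, response);
		if (subject.getPrincipal() != null) {
			// Authenticated but rejected by isAccessAllowed, so a required role is
			// missing. Fail closed through the stock AuthorizationFilter handling
			// instead of continuing the chain.
			return super.onAccessDenied(request, response);
		}

		HttpServletRequest httpRequest = (HttpServletRequest) request;
		if (WebUtils.isAjax(httpRequest)) {
			// Only a marker header is set: no body is written and the HTTP status
			// line is not changed here. Presumably client script reads this header
			// to detect an expired session; confirm against the front end.
			HttpServletResponse httpResponse = (HttpServletResponse) response;
			httpResponse.setHeader("sessionStatus", "401");
			return false;
		}

		saveRequestAndRedirectToLogin(request, response);
		return false;
	}

	/**
	 * Decides whether the current subject may proceed down the filter chain.
	 *
	 * @param request     the incoming request
	 * @param response    the outgoing response
	 * @param mappedValue the path-specific filter configuration; treated as the
	 *                    array of required role names when it is a {@code String[]}
	 * @return {@code true} only for an authenticated subject that holds every
	 *         configured role, or when no roles are configured for the path
	 * @throws Exception declared by the overridden Shiro method
	 */
	@Override
	protected boolean isAccessAllowed(ServletRequest request,
			ServletResponse response, Object mappedValue) throws Exception {
		Subject subject = getSubject(request, response);
		if (subject.getPrincipal() == null) {
			// Unauthenticated callers are always routed to onAccessDenied.
			return false;
		}
		if (mappedValue == null) {
			// No role list configured for this path: authentication alone suffices,
			// which matches what the filter did before roles were enforced.
			return true;
		}
		if (!(mappedValue instanceof String[])) {
			// Unexpected configuration shape: deny rather than guess.
			return false;
		}
		String[] requiredRoles = (String[]) mappedValue;
		if (requiredRoles.length == 0) {
			return true;
		}
		return subject.hasAllRoles(java.util.Arrays.asList(requiredRoles));
	}

}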
